1. Introduction

Highland Botanicals (“we,” “us,” “our”) values your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit https://highland-botanicals.com (the “Site”), make purchases, or interact with us.

This Policy complies with:

• The New York SHIELD Act (NY Gen Bus. Law §899-aa & §899-bb)
• New York cannabis marketing & privacy rules
• New York data breach notification requirements
• U.S. state and federal privacy standards
• GDPR / UK GDPR (for EEA/UK visitors)

By using our Site, you consent to this Privacy Policy.

2. Who This Privacy Policy Applies To

This Policy applies to personal information collected from:

• Site visitors
• Customers and prospective customers
• Individuals who contact us or request information
• Newsletter subscribers
• Anyone interacting with our digital services

We act as the data controller for data collected via our Site.

3. Information We Collect

3.1 Information You Provide Voluntarily

We may collect:

• Name
• Email address
• Phone number
• Shipping/billing address
• Payment information (processed securely by third-party processors)
• Order details
• Account info (if an account is created)
• Form submissions or inquiries
• Marketing or newsletter preferences

3.2 Information We Collect Automatically

When you visit our Site, we may automatically collect:

• IP address
• Browser type and device information
• Pages viewed and usage patterns
• Referring URLs
• Cookies and tracking identifiers
• General analytics and platform performance data

3.3 Sensitive Data

We do not request or process:

• Medical or patient information
• Health-related data
• Protected characteristics (e.g., race, religion)

We do not knowingly collect data from minors (see Section 14).

4. Legal Bases for Processing (GDPR/UK GDPR)

For users in the EEA/UK, we process personal data under:

• Consent
• Contractual necessity
• Legitimate interests
• Legal obligations

5. How We Use Personal Information

We use personal information to:

• Operate and maintain the Site
• Process and fulfill orders
• Respond to inquiries and customer support requests
• Verify age eligibility (21+ only)
• Comply with New York cannabis regulations
• Improve website functionality and analytics
• Conduct marketing communications (with consent)
• Prevent fraud and ensure security
• Comply with legal and regulatory obligations

We do not make medical claims or use data for medical targeting.

6. Cookies & Tracking Technologies

We use cookies to:

• Support Site functionality
• Enable age-gated access for cannabis compliance
• Improve performance and analytics
• Personalize user experience
• Support advertising (where legally permitted)

Where required, non-essential cookies are only activated after you provide consent.
You may disable cookies through your browser or our cookie banner.

7. How We Share Information

We may share personal information with:

• Service providers (hosting, analytics, payment processors, age-verification tools)
• Regulatory authorities (if legally required)
• Successors in the event of a business transfer
• Legal authorities in compliance with NY law

We do not sell personal information.
We do not share information for unlawful cannabis advertising or targeting.

8. New York–Specific Privacy & Data Security Requirements (SHIELD Act Compliance)

In compliance with the New York SHIELD Act, we maintain “reasonable administrative, technical, and physical safeguards” to protect personal information, including:

• Access controls and staff authorization limits
• Designated personnel overseeing data security
• Regular risk assessments
• Secure data storage and transmission practices
• Multi-factor security controls where appropriate
• Vendor security oversight
• Regular monitoring for unauthorized access
• Policies for secure data destruction

We also maintain procedures for:

• Incident identification
• Breach notification
• Compliance with state reporting obligations

New York Data Breach Notification Compliance

If personal information is compromised, we will notify:

• Affected individuals
• The New York Attorney General
• The NY Department of State
• The NY State Police
  —as required by NY Gen Bus. Law §899-aa.

9. Cannabis-Specific Compliance (New York)

We adhere to New York cannabis privacy, age, and marketing requirements:

Age Restrictions

• This Site is restricted to 21+ adults only.
• We do not knowingly collect data from individuals under 21.
• Age verification measures and disclaimers are used.

Advertising & Marketing Restrictions

We DO NOT:

• Target minors or individuals under the legal consumption age
• Use imagery, content, or advertising designed to appeal to those under 21
• Make health or medical claims
• Promote illegal cannabis activity or interstate transport
• Advertise in ways prohibited by NY Cannabis Control Board

We DO:

• Promote responsible, legal cannabis use
• Ensure marketing is factual and adult-only
• Maintain age-controlled digital access

10. International Data Transfers

If you access our Site from outside the U.S., your information may be processed in the U.S.
For EEA/UK users, we use appropriate transfer mechanisms (e.g., Standard Contractual Clauses).

11. Data Retention

We retain personal information only as long as required for:

• Legal or regulatory obligations
• Business operations
• Security and fraud monitoring
• Order fulfillment
• Cannabis compliance obligations

Data no longer required is deleted or anonymized.

12. Your Rights

For U.S. Users (including NY residents)

You may request to:

• Access your personal information
• Correct inaccurate information
• Opt out of marketing communications
• Request deletion (where legally permissible)

For EEA/UK Users

You also have the rights to:

• Data portability
• Restrict or object to processing
• Withdraw consent
• File complaints with your supervisory authority

13. Security Measures

We take reasonable steps to protect personal information, including:

• Encryption (where appropriate)
• Secure servers
• Access restrictions
• Personnel training
• Regular review of security protocols
• Incident response procedures

No system is fully secure, but we take New York-required steps to safeguard data.

14. Children’s & Minors’ Privacy

This Site is strictly for adults 21+.
We do not knowingly collect data from minors.
If such data is discovered, it will be deleted immediately.

15. Third-Party Links

Our Site may contain external links. We are not responsible for, nor do we endorse, the privacy practices of third-party websites.

16. Changes to This Privacy Policy

We may update this Policy periodically.
When updated, the “Last Updated” date will reflect the new version.
Continued use of the Site signifies acceptance of any updates.

17. Contact Information

For privacy inquiries or to submit a request, contact:

Highland Botanicals
501 Rte 9W, Piermont, NY
(845) 613-7426
info@highland-botanicals.com